CenturyLink Limited

Private Cloud: Dedicated Cloud Compute

CenturyLink’s Private Cloud service provides a dedicated single tenant cloud platform fully integrated with storage and backup solutions. CenturyLink equips you with the tools to rapidly build, control and customise your IT environment. Private Cloud is ideal for environments which need to be secure and compliant.


  • Dedicated private cloud infrastructure
  • Powerful management, automation and orchestration platform.
  • Support for multiple private cloud operating systems
  • Enterprise SLAs for a Private Cloud environment
  • Fully integrated with Managed Storage, Backup and Database applications
  • Compliant & audited
  • Enterprise level security
  • High availability instance failover for Private Cloud
  • On demand instance and storage provisioning
  • Hardware optimisation with dynamic instance balancing


  • Single-tenant architecture enables private cloud compliance
  • Flexible business terms for changing requirements
  • Customer controlled online instance provisioning in minutes
  • Infrastructure that scales in line with your business
  • Pay by the instance model for private cloud
  • Rigorous SLAs ensure service availability for your users
  • Business continuity ensured via multiple UK Data Centres
  • Established service built using best of breed technology
  • Cost effective service with ability to over-subscribe infratsructure
  • Improved uptime achieved through Managed Security Services


£95 per instance per month

Service documents

G-Cloud 10


CenturyLink Limited

Mike Thomas

0330 060 9328


Service scope

Service scope
Service constraints CenturyLink offers a flexible Private Cloud service that can vary in configuration.

The constraints are dependent on the services subscribed by the customers.

This can be provided and detailed upon request.
System requirements Service Dependant

User support

User support
Email or online ticketing support Email or online ticketing
Support response times This is service / agreed SLA dependent. The response SLA's varies between 15 minutes to over 4 hours dependent on the severity level of the ticket.

The response times also varies depending the support level agreed. CenturyLink provides various levels starting 8/5 weekdays only to 24/7 support.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels The support levels are dependant on the priority / severity of the support request. The support levels varies from Tier 1 support to Tier 4 support.

Depending on the complexity of the infrastructure CenturyLink can provide specific support roles such as TSE (Technical Services Engineer), TOM (Technical Operations Manager), TAM (Technical Account Manager, CTA (Client Technology Advisor), etc... at additional cost under CenturyLink "CenturyLink Consulting Services" service description within the G-Cloud 10 Cloud Support Service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The CenturyLink Private Cloud Onboarding team provide a flexible service to ensure that the customer is educated to ensure best use of the platform. The first week is usually introductions to the people and programme and at least one training session.The Assisted Deployment is where the QuickStart team assists you in building out additional VMs, creating reports, and working with backups and your other services.The final closure phase is where the QuickStart Team ensures the goals set out in the first meeting were met, and reviews all the support contacts and processes so that you know how to engage CenturyLink for ongoing support. Extended onboarding engagements are available on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction This is service dependant and also depends on the complexity of the infrastructure services provided.

CenturyLink has a standard methodology for the creation of an exit plan for its customers. The costs and timescales are wholly dependent on the size of the infrastructure, the requirements of the customer and the customer needs for the transfer of data back to the customer or its new supplier. A customer can request the return of data on a standard CD format or stored onto unique tape media, encrypted, duplicated and shipped to separate locations.
End-of-contract process CenturyLink has a standard methodology for the creation of an exit plan for its customers. The costs and timescales are wholly dependent on the size of the infrastructure, the requirements of the customer and the customer needs for the transfer of data back to the customer or its new supplier.

At a high-level the proposed exit plan methodology, under a statement of work, would be as follows:
The contract reaches the point of natural expiry is terminated as per the contract, or another trigger event occurs that requires the implementation of an exit plan.
CenturyLink Professional Services / Project Manager will own execution of the plan within CenturyLink.
Professional Services / Project Manager discuss with customer exactly what is required of the migration.
Professional Services / Project Manager engage the areas of the business required to deliver on the plan. If this exceeds contracted thresholds for exit costs, or is otherwise chargeable under the contract then these charges will be agreed with customer before commencement of the plan.
Execute in accordance with the agreed plan.

Using the service

Using the service
Web browser interface Yes
Using the web interface The CenturyLink Managed Services online portal is a web based application that provides approved customer representatives with secure access using almost any web browser. Throughout the portal, users can customise and configure their views. The portal is built with a focus on security and user permissions. Customer information is safe, and only accessible by those with the proper authorisation. There is no charge for customers to use the Managed Services online portal, and there is no limit to the number of user accounts that can be assigned for a customer.
The CenturyLink Managed Services portal:
• Provides alert and notification management capabilities
• Allows end user customisation and configuration
• Enables monitoring setup and self-provisioning
• Delivers permissions-based functionality
• Features an intuitive and easy-to-use user interface
• Supports mobile device access
• Provides interactive charts and graphs with drill-down capabilities
• Enables custom reporting with automated e-mail delivery
• Facilitates order and invoice management
• Supports change management processes
• Enables easy case management and tracking
• Features a web services Applications Programming Interface (API) for maintenance and ticket management
• Allows an unlimited number of user accounts
• Includes a comprehensive document library
Web interface accessibility standard None or don’t know
How the web interface is accessible N\A
Web interface accessibility testing None
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources The CenturyLink Private Cloud platform is a dedicated / private cloud platform that will be physically and logically dedicated to a specific customers at all levels including Network, Compute and Storage. The platform will be physically and logically isolated from other users / customers and the customer can make full use of its performance capabilities.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Service dependant
Backup controls Backup includes data backup and restore on demand, utilising high capacity and high availability tape libraries. Backup Encryption provides the same services as Utility Backup with the addition of data encryption throughout the lifecycle of the data Vaulting includes retention, data management and rotation of data to off-site secure data archiving facilities. Service is only available to Customers whose backups are managed by CenturyLink. Backup targets and schedules can be adjusted via CenturyLink support centre by creating support request using Web Portal.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network CenturyLink will protect the customer data by using various mechanisms at different levels depending upon the complexity and protection levels, this includes but not limited to; physically and logically isolating the data with the environment, SAN zoning at the storage layer, Firewall policies and Access Control Lists (ACL) at the network layer, Multi-Factor Authentication, Physical Access controls, Change Control, etc.. Further details can be provided upon request.

Availability and resilience

Availability and resilience
Guaranteed availability CenturyLink provides a minimum of 99.95% system availability to its customers. CenturyLink managed its services to meet its SLAs in the following ways:

1. CenturyLink Service Management team provide the primary interface Client Service Partner (CSP) for SLA management. The Client Service Partner is responsible for CenturyLink’s performance against the agreed SLA’s, and will monitor and report on performance on an on-going basis. As part of their role, the Client Service Partner’s perform the following functions that CenturyLink support SLA management:
• Root Cause Analysis (“RCA”) reporting. In the event of a major outage, a Client Service Provider will create and submit to customer an RCA, which details the root cause of an outage, and subsequent follow up actions.
Corrective Action Plan (“CAP”) creation. Following on from an RCA, the Client Service Partner will lead the creation of a CAP and propose to customer the corrective actions that CenturyLink will employ to mitigate the cause of the outage to prevent its recurrence. This may take many forms dependent on the type of incident, including but not limited to; Process changes (both within CenturyLink, and its interface with customer), further training, solution correction or re-configuration, additional patching or updates etc.
Approach to resilience This is a CenturyLink confidential information that can be made available upon request under an NDA.
Outage reporting As a standard CenturyLink will report outage by sending automatic email alerts and Dashboard Status Updates. For customers with a dedicated service partner any outages will be reported by the service partner resource either by email or a telephone contact to the nominated customer resource.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are restricted by logically and physically isolating them on a separate network with rigid access controls in place.

Any user accessing the management interfaces and support channels will have to authenticate using a separate username and password or multi factor authentication that is different from their normal network username and password.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Schellman
ISO/IEC 27001 accreditation date 30/06/2017
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 29/06/2015
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover N/A
PCI certification Yes
Who accredited the PCI DSS certification Schellman
PCI DSS accreditation date 25/10/2017
What the PCI DSS doesn’t cover Specific customer environments – The certification is of CenturyLink as a service provider. The ROS and AOC are available on request.
Other security certifications Yes
Any other security certifications
  • PSN Customer Certified
  • PSN Supplier Certified

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SOC1 / SSAE 16
ISO 27001
ISO 9001
EU Directive 95/46/EC
Information security policies and processes There are a number of policies and processes that apply across CenturyLink internal and customer infrastructure, policies are critical for providing assurance to customers, regulators and auditors. CenturyLink takes seriously the confidentiality, integrity and availability of data placed in its care. There are also a number of guidelines that CenturyLink follow while working with confidential and/or personal data. The policies include, but not limited to, Access Control Policy, Application Control Policy, Antivirus Policy, Asset Management Policy, Data Centre Design Policy, Conditions of use of IT facilities at CenturyLink, Confidential Information Transfer Policy, Electronic Messaging Policy, IT User Accounts Policy, Laptop Encryption Policy, Network Connection Policy, Password Policy, Patch Management Policy, PCI DSS Compliance Policy, Information Security Policy, Remote Access Policy, etc.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The Change Management policy is designed to apply standardised methods and procedures on a global basis to provide efficient and prompt handling of all changes to the Infrastructure to minimize the impact to Clients and include:
Ensuring the continuity of business and system process
Establishing a process for communicating and managing changes for increased visibility and communication of changes to both the business and operational support staff
Reducing the number of incidents caused by changes
Increasing effectiveness of changes by including lines of business in the decision process
Improving confidence in Global Technical Organisation to maintain network and system availability
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach CenturyLink performs vulnerability scans on the shared infrastructure environment including the Hosted Area Network & Management Infrastructure that looks for known vulnerabilities or configuration weaknesses in applications, systems or infrastructure . Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. Approved 3rd party vendors may conduct external assessments for customers by contacting CenturyLink operations centre and with prior notification. Note that CenturyLink does not allow customer testing of any parts of the shared infrastructure, any testing must be scoped within a customer’s own deployed solution.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Service Centre is the single point of contact for requests and incidents. The Service Centre also provides constant proactive monitoring, vendor management and communication of incidents within a client’s environment.
The Service Centre is staffed Incident Specialists who have the following responsibilities:
Incident Specialists are responsible for monitoring and responding to events originating from CenturyLink’s proactive monitoring infrastructure toolset. They have management control over customer infrastructure and adhere to a strict functional escalation methodology to enable rapid fault isolation and restoration of customer services. Incident Specialists communicate directly with the customer during incident troubleshooting and resolution or change execution.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach CenturyLink will provide customer support 24 x 7. When an Incident or Request occurs, CenturyLink shall use reasonable efforts to meet the Time to Respond Objectives we have in place.
Incidents are categorized as severity levels P1 (Urgent), P2 (High), and P3 (Medium). Requests are categorized as severity levels P1 (Urgent) or P4 (Low).
There are four ways for a customer to initiate a request:
Proactive Monitoring; Phone Call; Portal; E-mail
Updates for P1 Incidents are sent every hour, P2 Incidents and P1 Requests are sent every four hours. P3 Incidents and P4 Requests are sent every 24 hours.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate The CenturyLink Private Cloud platform is a dedicated / private cloud platform that will be physically and logically dedicated to a specific organisation at all levels including Network, Compute and Storage.

The platform will be physically and logically isolated from other users / customers and the customer can make full use of its performance capabilities.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £95 per instance per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑